SAP BW Authorisation in Bo

Similar Messages

• SAP BPC AUTHORISATION

  Dear all,
  I am seeking documents or step by step guide on SAP BPC overview and SECURITY authorisation?
  can someone advice where I can locate this information from?
  thanks all,

  http://service.sap.com/instguidescpm-bpc
  https://www.sdn.sap.com/irj/scn/wiki?path=/x/zb4
  For BPC security.. please go through this link..
  https://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/604e3755-ffd6-2a10-0eb4-cbdfbeda45d9#rating
  hope this would help you.

• SAP HR Authorisation - retriction

  Hello,
  I have given a group of SAP HR users access to transaction PA30 including info types, however I want to restrict them from changing their own personal data.
  Can someone give me a step by step guide to carry out this authorization?
  Regards
  Fuzail

  My quick guide to understanding P_PERNR:
  Authorisation level:
  R = Read
  M = Matchcode (allows access via search help - especially infotype 0002 is used in searches)
  W = Write (includes create, change, delete)
  (E/D/S = creating locked records and unlocking the record)
  Infotype:
  In P_PERNR my first assumption is that user should be able to see all data recorded about him/herself. In many organisations users can maintain bank details (0009), address details (0006) and family memebers (0021).
  PSIGN:
  This is where I get always confused but my rule of thumb is: Add "I" here if you want to include that access defined and E if you want to exclude the access defined. In ESS role I use only "I".
  Subtype:
  Depends on the infotype access given.
  So above settings in ESS role would go like this:
  P_PERNR
  AUTHC: R, M
  INFTY: *
  PSIGN: I
  SUBTY: *
  P_PERNR
  AUTHC: W
  INFTY: 0006 ,0009, 0021
  PSIGN: I
  SUBTY: *
  Cheers, s

• SAP HR Authorisation

  Where would authorisation amount be stored in HR. i.e i need to extract from HR whether a user has the correct authorisation to approve a workflow based on the users amount
  e.g if i have an invoice for $500,000 and the user is only able to approve invoices up to $100,000 i need to find the users manager  and check if he has authorisation to approve an invoice for $500,000 and keep going up the org chain to find the user that does.
  Do you have any info on what infotype i would use etc ?
  thanks,

  Hi,
  This is not an HR authorisation issue. Workflow should be routed only to user(s) who can approve it. There is a problem in workflow agent rules if someone is getting tasks to their inbox which they shouldn't be allowed to action. Find out about creating workflow agent rules in transaction PFAC.
  Regards,
  Saku

• SAP in authorised training centers (New Delhi)

  Hello everyone,
  I got a mail from Infosat Corp New Delhi that for 40000INR training will be provided by real time consultants and job placement will be in top MNC. To how far these institutes are correct. What is the fee for training in Siemens on FICO. I know FICO very well but I was with no certification and domain. Are there any current openings for freshers in any companies in India ? If I take certification Siemens, can I  expect any job with that certification ?
  Please somebody give me your suggestion ? I am very hungry for a job on SAP.. By any means I want to join in SAP ...
  Thank you,
  Suresh

  Dear Suresh,
  Visit the following thread:
  http://sap.ittoolbox.com/groups/career/sap-career/sap-training-from-siemens-delhi-623438
  Education Partners:
  http://www.sap.com/asia/services/education/centres/partners.epx
  Siemens Information Systems Limited
  1st Floor, VIPPS Centre
  2, Local Commercial Complex, Masjid Moth
  Greater Kailash - 2 New Delhi - 110048
  Tel: (91) 11 299220694/29220695/29220696/ 29220697/29221248/29216047/29221247
  Fax: (91) 11 29214685
  Contact Person: Ms.Rochika Bhatia
  E-mail: [email protected]
  Genovate Solutions is not in Delhi. So you are left with only one option if you want to go for authorized training.
  Regards,
  Naveen.

• SAP HR Authorisation P_TCODE, S_TCODE

  Hi all,
  Can someone advice to me what are P_TCODE and S_TCODE AUTH Objects?
  I have a payroll report to add to a role, and wanted to know which OBJECT I assign this to, is it P_TODE or S_TCODE,?
  whats the difference, and is there a document I can use to add the report to a menu within PFCG?
  Thanks all

  P_TCODE relates to special HR defined security. Simply having a '*' in S_TCODE will not allow users to perform certain HR transactions and it serves as a safety net in those cases. The system checks this value on items such as editing features and maintaining personnel control records.
  You can also use authorizations for the S_TCODE authorization object (Check Transaction Code at Start of Transaction) to protect the HR transactions. In this context, note that the P_TCODE authorization object was implemented before the S_TCODE authorization object. The P_TCODE authorization object was maintained as an additional protection measure given the increased need for the protection of person-related data.

• BEX Selection Screen Authorisations

  Hi all,
  I have developed a new authorisation role for a demand planner in APO. Part of its function is to allow the user to run a BEX report on a remote cube. This is working, apart from the selection screen when running the BEX query does not appear. This is NOT due to personalisation of variables.
  When I grant the same user the SAP_ALL profile, the selection screen appears when repeating this test. I have ran traces and gone through the SAP_ALL profile and ensured that every BW object I could see existed in my new role.
  Sadly I have not reached an answer as to what is missing in my role. Any ideas?
  I appreciate any help you can give on this matter.
  Kind regards,
  Nick

  Hi Ravi,
  There is one characteristic in the query that I've made authorisation relevant, 'Sales Org'. I have added the associated authorisation object to the role and as a test I've also given full access to this object in PFCG. This is why I would still expect it to prompt me with a selection screen.
  Sadly this is not the case. Do you have any other ideas? I do believe it is to do with at least 1 other SAP standard authorisation object, I just can't find which one it is.
  Thanks, Nick

• How to authorise users only for specific GL accounts

  Hi friends,
  My client does not want his endusers to see all the GL accounts' balances, they want to restrict them from looking at certain GL a/cs .From my security person I came to know that we cant restrict them only for certain GL accounts, it could eithre be all or none.
  I dont agree with that.
  Please guide if you know anyhitng about it.
  Thanks
  Shefford

  You can use the Authorization Group field in the G/L account master record (field SKB1-BEGRU, free text field) for this purpose. You can then use authorization object F_BKPF_BES to manage the different authorizations.
  Click <a href="http://sap.ittoolbox.com/groups/technical-functional/sap-acct/authorisation-based-on-gl-accounts-727160">here</a> for more information.
  Points are appreciated.
  Kind regards,
  Lodewijk

• Dcs interface with sap pm

  Dear experts,
  can anyone explain me the basic steps and information  regarding dcs interface with sap .
  i want to do this sap implementation for the thermal power station.     i want to generate notifications and work orders when the parameteres of particular equipment crosses its range.
  how the important parameters from the dcs is linked with sap server.  how i can get the data from dcs and pass it to the sap system.
  can anyone give the helping hand.

  Hi,
  You can use XI as a connector instead of ALE to connect mySAP ERP to SAP Business One. The DI API is the connector for SAP Business One.
  The DI API or Data Interface API is part of Business One and the Business One SDK. B1i exists to easily connect mySAP and SAP Business One without typical coding that would be required simply by using XI to connect with SAP Business One and mySAP. B1i contains all of the connections, pre-defined content, message handling and error correction for common business scenarios to connect these to systems. Without B1i, you have to hand code everything. If you are not connecting with SAP Business One, then you may not have a need or requirement to use B1i. There are more detailed whitepapers here from the SAP Business One main page on SDN. You should have a look at those.
  You should have SAP Portal authorisation to access the following info. Go to sevicemarketplace -> smb -> SBO -> Install'n'Updates->Updates->Updates for SAP Business One->SAP Business One Releases prior to 2004->SBO-MYSAP INTEGRAT.TOOLKIT 1.5.
  You can find there an presentation how to Integrate SBO with mySAP via XI (https://websmp203.sap-ag.de/~sapidb/011000358700002285912003E.ppt)
  Thanks
  Swarup

• User authorisation matrix

  Dear all,
  We are using BI7.00. We now require one report to get the details of user authorisation, i.e., for example one user U1 may be authorised for 10 Transactions in R/3, we want to get the list of such authorisation in the following way. Is there any standard data source or any method of adopting the same.
  Requirement
  Company --->Plant ->  Module>T.Code->User----
  > Authorisation
  4000----->    4100>   QM> QA32>4100QMC01->u221A
  If authorisation is available then a TICK mark should be shown. In the above the user 4100QMC01 is authorised for transaction QA32 and hence in the column authroisation a TICK mark is shown.
  Can experts provide ideas of obtaining the same.
  Regards,
  M.M

  Dear Asish,
  Thank you for your input. I tried to achieve my requirement using a FLFL data source, but the output is not as desired by me.
  I have the fields company,plant, user name, t.codes, authorisation. I have loaded the data through excel and when the display is seen in the report the value is shown as below.
  SAP users -
  > user1---->user2--
  >user3
  SAP transaction code sap user authorisation-> ?>?--
  >?
  QA32
  QP01
  QM01
  I have maintained all the infoobjects as character as for me i do not have any key figure. In the column i have SAP users and SAP Authorisation and in the rows in have SAP transaction code.
  What should i do to get the output as shown below.
  SAP Users -
  User1-->users2--
  >user3
  Sap t.codes
  QA32----
  >?
  QM01----
  >?
  QP01----
  >?
  "?" is nothing but the value which indicates that the specified user has authorisation for the respective t.code.
  Hope you will help me solve the problem.
  Regards,
  M.M

• How to delete a workbook in Bex created by other user

  Hi,
    I had a query in BW,My requirment is to delete the query.....when i tried to delete the query the system is not allowing me to delete as some one created a workbook on that query
  When i tried to access the workbook in query designer find option i can't able to locate the work book...
  Please advise on how to delete the workbook and then the query
  i got sap all authorisations
  Thanks

  Hi ,
  RSZDELETE tcode is used to delete the query as well as work book also.
  when you are deleting the query it will ask for work book also.
  Thanks & Regards,
  Ramnaresh . P.

• Error 513 while creating support message help menu in Solman system.

  Hi Expert
  I am trying to create support message though help in the Solman system. But i am getting an "error 513 message has not created in the Solution manager system".
  - maintained the BCOS_CUST table with RFC - NONE
  - have SAP ALL authorisation
  - using the transaction type SLFN for support message.
  - Check the Action profile for SLF1 and found OK.
  - Also refered some notes in the sap and implemented but still i am getting the same error.
  Please advice.
  Regards
  Kumar.

  HI
  Do u have BP existing for ur id in solman
  Use BP_GEN to create bp for ur user id
  otherwise using BP tcode and check if the identification tab is carrying details for solman system with curent client and userid
  Hope it solv ur prb
  Regards
  Prakhar

• Certification for WM

  Hi
  I know this question has been posted before, but I didnt find the answer I was looking for.
  I am interested in WM certification.
  Is the SAP WM certification called : SAP Consultant Certification Solution Consultant SCM u2013 WM & LE with mySAP ERP 2005, if not, can you post the link to the exact requirements.
  And internet/google has a lot of sample MM questions, but I cannot find any WM questions.
  Can somebody please suggest me both sample (to start with) and SAP WM certification books (to buy).
  This will be a great help, look forward to hear.
  Regards,

  Dear Friend,
                     As u mentioned that  SCM u2013 WM & LE with mySAP ERP 2005 Certfication exam is there, but u want to attend the class room training in SAP or Authorised Centres. Its very mandatory to write this Certfication exam....
  SCM601 - Processes in Logistics Execution
  SCM610 - Delivery Processes
  SCM611 - Transportation
  SCM630 - Warehouse Mangement
  SCM631 - Additional Topics in WM
  From sas...

• Parking and posting invoice document (MIR4 & MIR7)

  Hi Expert,
  We Have 2 different SAP User IDs (MMADMIN/FIADMIN) having same role and profile (SAP All Authorisation). The Functionality is like that we parked (MIR7) invoice document through MMADMIN and we need to post that one through FIADMIN (MIRO).
  Now we have Parked document through MMADMIN by MIR7 Transaction, But when I entered in MIRO transaction through FIADMIN and click on Show Worklist,
  We havenu2019t seen that list in FIADMIN.But list has been seen in MMADMIN.
  Thanks
  Lavlesh

  Hi,
  the purpose of worklist is little bit different. Here is a quote from [SAP documentation|http://help.sap.com/saphelp_erp2005/helpdata/EN/14/ce4738c8a64338e10000009b38f842/content.htm]
  You can use the worklist in the applications Enter Invoice and Park Invoice. The worklist displays invoice documents that you have already processed using the transactions Enter Invoice or Park Invoice, but which have not yet been posted and for which you are the last processor. The documents are displayed under the following nodes:
  Basically the user needs to be last processor. But SAP support entering invoice by more than one user. Again more info in [SAP documentation|http://help.sap.com/saphelp_erp2005/helpdata/EN/82/5c2f38e80d2805e10000009b38f889/content.htm]. User FIADMIN can also use report MIR5 to get all parked documents.
  Cheers

• Authorizations for report PC00_M99_CIPE  by field PayrollArea

  Hi experts.
  I have the following requirement:
  I need that by authorization the system allows to the managers of HR execute the  report standard PC00_M99_CIPE .
  only for the employee that have in the infotype 0001 field payroll area the same value that have the manager
  in his role.
  Example :
  Employee1
  Payroll area = A1
  Employee2
  Payroll area = A2
  Employee3
  Payroll area = A1
  Employee4
  Payroll area = A1
  Employee5
  Payroll area = A3
  Employee6
  Payroll area = A3
  When the Manager of HR execute the report, the system just take into account the employee that have Payroll area = A1 and A3 and not the employee with  Payroll area = A2.
  How can do this using roles, if the object P_ORGIN not have the field  Payroll area . I checked the t.code SU24.
  Thank in advance for your help,
  Best Regards

  As far as I understand your issue you require 2 things.
  1. You want to segregate the access to Employees by their Payroll Area.
  2. You require that segregation only for transaction PC00_M99_CIPE.
  As you have mentioned already P_ORGIN does not check the Payroll Area.
  I would apporach that as follows.
  Solution for number 1.
  A new Authorisation Object is required which will allow to check the Payroll Area. That can be done in transaction SU21. If you haven't created any object class in the customer naming space before I suggest you create a new customer object class first. That is what looks like a folder and than you create in that object class a new Authorisation Object which has the field Payroll Area.
  You than assign the new authorisation object to the manager roles and just give them access to their payroll area.
  Solution for number 2 (enabling the new Authorisation Object).
  That will require some ABAP development. However you will get away without any modification. SAP has provided a BAdI to get that working.
  Lets step through that:
  You will need to implement SAP BAdI Definition HRPAD00AUTH_CHECK. BAdIs can be implemented with transaction SE19.
  When implementing the BAdI you must ensure that you always call the SAP standard. If we do not do that the SAP HR standard checks will not work.
  Therefore when you implement the BAdI do the following.
  - Create a class attribute in the implementing class of the BAdI. The attribute is a reference to the SAP standard authorisation class. The attribute should have Type : TYPE REF TO CL_HRPAD00AUTH_CHECK_STD
  - Create a Class Constructor in the implementing class of the BAdI. The class constructor should now create an instance of the SAP standard authorisation class. That instance is the attribute you have declared before.
  - Now you go through ALL the methods. In every method you must check first if your class attribute is not initial otherwise create an instance of the SAP standard authorisation class (That instance is the attribute you have declared before and should normally exist as result of the Class Constructor). Than you call the Interface Method of the SAP standard authorisation class. The interface method must have the same method name in comparison to the method you are working on.
  - If that has been done in ALL methods SAP standard is working again.
  Now the ADD ON for the new authorisation object.
  - Go in METHOD IF_EX_HRPAD00AUTH_CHECK~CHECK_AUTHORIZATION of the BAdI implementation.
  - After the call of the standard authorisation check at the end of the method you add your code for the new authorisation object.
  - First check the SY-TCODE is equal to PC00_M99_CIPE
  - now Read Infotype 0001 of the employee which is passed in the BAdI Method as import parameter.
  - Call the authorisation check (use the pattern function in the ABAP editor) for your new authorisation check. You pass the payroll area of the employee which you will have retrieved in the previous step.
  - check the SY-SUBRC after the authorisation check.
  - if SY-SUBRC is not initial, clear the Method export parameter IS_AUTHORIZED.
  Hope that helps.
  Best regards
  Karsten
  I
  Edited by: Karsten Arold on Jul 25, 2010 12:12 PM
  I have created a documentation with screen shots on how to do it.
  Please follow the link. http://www.mediafire.com/file/k6r4yb862w7revi/Creation of a new HR Authorisation Checks.pdf